Posted by CmdrTaco on Tuesday May 18, 2010 @11:00AM
from the cry-them-a-river dept.

bennyboy64 writes "Smartphones that offer the ability to 'remote wipe' are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service, ZDNet reports. The ability to 'remote wipe' some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking on mobile phone forensics at a security conference in Australia."

To me it highlights how much bumbling idiots these guys are. If you have a phone that you NEED the evidence inside it, the second you get it you wrap that thing in several layers of tinfoil and take it directly to a faraday cage workspace to start the process. Honestly, this should have been standard practice for ANY phone over the past 10 years.

I know this is crazy talk, but if you read the article they specifically say that their standard procedure is to put the phone in a Faraday bag. From there the phone is then brought to a shielded room for dissection.

Like everything else... it's people, policies and procedures.

Just because an agent has a kit containing a Faraday bag, doesn't mean they'll use it...

Umm... Because it suggests that the phones (though not the networks) aren't backdoored?

The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.

The fact that the Secret Service, who ought to be a bit sharper than Joe Beat Cop, haven't mastered the art of "turning the phone off before it gets wiped" doesn't strike me as a good thing. However, the fact that "wipe" means "wipe" not "Wipe, unless the state says otherwise" does.

Right, because the S.S. never works with local law enforcement, etc., etc.

Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be

Except the S.S. aren't the only one who could benefit from this information. I'm sorry for them but the reality is that the function is performing as advertised. The S.S. having a backdoor is just that much easier for crackers to get in your phone. Remote wipe is an important feature now that our phones hold much more info than they used to.

I'm waiting for the "first they came for the _____" responses. The reality is, the S.S. doesn't give a damn about the average person. They're concerned with counterfeiters and threats to dignitaries and the President. If having the information off the phone helps them capture counterfeiters and helps to uncover terroristic plots against US dignitaries, fine by me.

>>>Frankly, I give a shit if the S.S. can read the information on my phone if they detain me. First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

Yeah. After all the government never, never arrests innocent people and throws them in jail to rot. So you're right. Nothing to fear.

/end sarcasm

Here's an interesting case where government cops entered the wrong house (therefore an illegal warrantless search) to do a drug raid. Of course there were no drugs at the address (again: wrong house), but the man inside was scared to death so he ran to his bedroom and hid for fear of his life. When the intruders entered, he acted in self-defense of his life and killed the intruder. Then he was charged with murder and sentenced to life for murder.

That man is completely innocent, but nobody seems to give two shits. He's already spent a decade in jail. It could have just as easily been you.

And to make matters worse, if the police raided your home and killed you and your family "by accident", they'd be all like "oops, my bad" and that'd be the last you'd hear of it. Try to defend yourself and you're committing some form of crime whether that be murder or "obstruction of justice".

The SS thing is a red herring. So what, they're one small part of the government. They only have a two-letter acronym!

What about the FBI? NSA? CIA? Trust the SS all you want. The other three-letter agencies? I don't trust them, and it's their own fault. Had they not repeatedly abused the public trust for the past several decades, I might feel differently.

First, in order for me to be detained by the S.S., I'd have to be in a pretty precarious situation in the first place.

They're concerned with counterfeiters and threats to dignitaries and the President.

And the best part is that since the Secret Service themselves get to define "threats to dignitaries and the President", there's no way anybody would ever be investigated by them for speech that isn't actually threatening but is political.

Note: please make sure you run the above through the sarcasm detector [slashdot.org] before replying.

As others have pointed out, there can also be mistakes, like Richard Jewell [wikipedia.org] and the bombing at the 1996 Olympics. In that case, it wasn't the Secret Service, but anyone can screw up.

Imagine if that was today. They would have taken a record of every person they called, and then investigated all those people.

Do you need to actually live in a fascist state before you get it? Talk to people who lived in the Soviet Union during the 70s. All that was done under the guise of making people safer and catching 'bad guys'.

You need to stop living under the pretense that only guilty people get investigated.

Because they want to keep it in an unchanged state until it can be handed to the forensics techs. Turning off the power will wipe anything in the ram. Now they have to make the decision to kill the power or risk a remote wipe.

And the Forensic techs now need to make sure they power the device up in a signal free area, so a latent wipe command can't be sitting on the network waiting for the device to log in and receive the command.

The Service will now need to ensure its agents always have an exploita

Because they want to keep it in an unchanged state until it can be handed to the forensics techs. Turning off the power will wipe anything in the ram. Now they have to make the decision to kill the power or risk a remote wipe.

Or they can have Faraday cage boxes made up and pop the phone into a box as part of the standard procedure of picking it up. Putting the phone into a locked box as soon as it's picked up is good for the evidence chain anyways.

...if they are unable to gain access to these phones before they're remotely wiped, that's a bad thing. I don't understand why people think this is a good thing.

Because if they are able to gain access to these phones before they're remotely wiped, then other people can gain access to your phone before it can be remotely wiped. 99.999% of those people do not have your best interest at heart. Probably 99.9% of them are thieves and criminals trying to screw you over. 0.099% of them are law enforcement officials overstepping the bounds of what is allowed by law. (But it would cost you tens or hundreds of thousands in legal fees to prove it in court, and you'd risk the chance that you get an idiot judge who sets a bad precedent for everyone else.)

If we're lucky, 0.001% of them have anything to do with the president or counterfeiters, but really, I think that's being generous.

No, they're for counterfeiting and reporting back to the treasury department on the President's actions/physically threatening the president, because the treasury really runs this country.
/Or some crazy conspiracy theory, I can't remember which.
//As conspiracy theories go, it is one of the better ones.

Sometimes phones are configured to self-erase, if turned off, if the battery is removed, or if an incorrect password is entered 10 times.
So pressing the power button can actually initiate a secure erase.

iPhone 3GS with OS4 will be secure, it will wipe the key immediately and then clean the datastore in the background. This change was made because the old phones took forever to wipe their fairly large flash storage space.

The 3GS should be pretty secure now; the key is wiped immediately, although I don't know if the data store is cleaned. The feature wasn't brought out until OS3, so the 3G and 2G phones shouldn't expect the function. Only the 3GS encrypts the data on the device itself and has the hardware to support on-the-fly decryption.

Were I in law enforcement, I would institute a policy where electronic devices were put into a signal inhibiting box (Faraday cage) upon acquisition. Said box could then be taken to a room for analysis. It won't necessarily prevent the wipe, but it will help a lot. Would also help in situations where the bad guys were doing something with the phone signal (like trying to locate where the cops were staked out).

Had you RTFA, you'd know that this is already in place. It's just that the occasional agent here and there has forgotten to follow it and has sent a device off to the lab without removing the battery and/or putting it in the shielded envelope.

The entire FA is a big fuss about nothing, AFAICT. Even the lab admitted that it happens occasionally but it's not a huge problem.

But even for an iPhone, you can't remote wipe it if the device is powered down, right? I would think even putting it in airplane mode would be sufficient, as the phone stops, well, "phoning home". And if the Secret Service can't even manage to remember to turn off the phone, well, yeah. My heart bleeds for them.

If you don't have time to make a tinfoil hat then an anti-static bag is just as effective.

I'm not so sure about that. The tinfoil hat might work okay but if you're talking about the typical plastic anti-static bag then I think you're mistaken. RF will go right through one of those things, especially at the frequencies (~800MHz-2.5GHz) on which cell phone networks operate.

My understanding is that the accepted "proper" way to do it is to have all the user-relevant data on the phone stored in encrypted form, with a stored key making it transparently accessible. That way, when the "wipe" command comes, you just have to nuke the key, which takes mere moments, rather than a potentially quite large block of Flash, possibly hiding behind one or more controller chips that are abstracting things, and remapping, and doing other stuff that interferes with your ability to wipe the data hard enough to resist an adversary willing to physically inspect the memory chips, or even a raw dump of their contents.

If a phone implements that correctly, any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it. If there is some nasty flaw in their implementation, or if they use an inferior system of some sort, it is quite possible that fairly trivial attacks will reveal most or all of the information.

any three-letter-agency without a magic quantum computer stolen from the Greys isn't going to be able to do much about it.

I call you a liar. CSI is a 3 letter agency and they surely won't need some imaginary computer stolen from some imaginary space peoples in order to recover the photo that the victim took of their attacker just moments before they died.

Plus even if the attacker's face is only 10 pixels wide in the grainy, dark, blurry photo they can zoom it right up, run an "enhance filter" (proprietary CSI stuff) on it a few times and see his face in high resolution.

This is how Windows Mobile 6 and newer protect the contents on the memory card. It creates a key (and I forgot what exact file it uses under \Windows), and when writing to files on the SD card, uses that key with AES-128. When reading files, it checks the file against the list of keys stored to see if it can decrypt it. If it can, it will transparently decrypt it.

Hard reset the WM device either by a remote wipe, too many wrong PINs, or physically, and that keyfile is wiped and recreated with a new random

Usually (as in the case with the iPhone and Blackberry), all data is encrypted by default and the remote wipe deletes the encryption key a couple of times. This makes all data unreadable and unrecoverable - even if you could read the data it would still be worthless.
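The key-destruction wipe described in the comments above (data stored encrypted under a device key, with the wipe destroying only that key), as an added example that is not part of any poster's comment or any vendor's code. The `Device` class, its field names and the HMAC-SHA256 keystream standing in for a real cipher such as AES are assumptions; the ten-attempt limit mirrors the setting mentioned in the thread.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in for AES so only the stdlib is needed.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or corrupted data")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class Device:
    """Hypothetical handset: bulk data under a random data key (DEK),
    DEK stored only in wrapped form under a passcode-derived key."""
    MAX_ATTEMPTS = 10

    def __init__(self, passcode):
        self.salt = secrets.token_bytes(16)
        self._dek = secrets.token_bytes(32)          # held in RAM while unlocked
        self.wrapped_dek = seal(self._kek(passcode), self._dek)
        self.flash = []                              # sealed records (the large store)
        self.failed = 0

    def _kek(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def store(self, data):
        if self._dek is None:
            raise PermissionError("device is locked")
        self.flash.append(seal(self._dek, data))

    def lock(self):
        self._dek = None

    def unlock(self, passcode):
        if self.wrapped_dek is None:
            raise RuntimeError("device has been wiped")
        try:
            self._dek = unseal(self._kek(passcode), self.wrapped_dek)
        except ValueError:
            self.failed += 1
            if self.failed >= self.MAX_ATTEMPTS:
                self.wipe()                          # too many wrong passcodes
            return False
        self.failed = 0
        return True

    def wipe(self):
        # Crypto-erase: discard the few bytes of key material and leave the
        # flash untouched. A real device overwrites the key in its key store;
        # dropping the reference here is a simplification.
        self.wrapped_dek = None
        self._dek = None

    def read_all(self):
        if self._dek is None:
            raise PermissionError("device is locked")
        return [unseal(self._dek, rec) for rec in self.flash]
```

After `wipe()` the sealed records are still present in `flash`, which is the situation an examiner faces with a raw dump of the memory chips: ciphertext with no key left to recover.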

That would require every police officer to know how to navigate the menu system and do that on every smartphone ever made. Even just turning off a phone you've never seen before isn't necessarily obvious.

What isn't clear to me is exactly what evidence they're expecting to find. A log of every phone call made or received, and every text sent or received, is already available from the service provider. If a criminal is smart enough to know about and deploy a remo

Some phones never truly turn off, and have the ability to be turned on remotely. The government was pushing for this feature, and now it has turned around and bit them. The only way to be certain that the black box you are carrying cannot communicate with the outside world is to remove the battery or stick it in a Faraday cage. Both methods have advantages and disadvantages.

I can't think of any disadvantages to a faraday cage for a normal unrigged phone, other than the fact that you have to have one with you. The first cop on the scene probably won't, and will have to wait for the crime scene folks to show up. The phone could be remote wiped in that time. The disadvantages of removing the battery are that there may be info that is lost upon removing power and that not all phones have removable batteries.

A phone could be rigged to clear itself on boot and/or in the case of bein

"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."

Deep below the earth's crust where an army of techie-like-gremlins work tirelessly in a labyrinthine maze of dusty, dirty laboratories consisting of ancient testing equipment made before the dawn of man. Only down here, where only the flicker of overhead lamps shine shadows into the darkness, is justice done.

No it doesn't. It requires a simple, mindless process: supply all agents with shielded bags for mobile phones, instruct them that the process for mobile phone evidence is it goes in the special bag and does not come out before it gets to the lab.

And if there's one thing most law enforcement agencies worldwide are extremely good at, it's simple mindless processes.

"Sometimes you'll get a cellphone that comes in that is wiped, [but] it's not all that common," he said. Agents were trained to incapacitate devices, but Kearns cautioned that not all enforcement agencies had the same knowledge.

So basically, this is crime scene preservation training 101. If an officer stumbles around a physical murder scene, eating hot chicken wings, randomly picking up pieces of evidence, and leaving delicious buffalo sauce all over everything, he will destroy the physical evidence before it can be expertly analyzed. But hopefully with adequate training, he learns how to take adequate precautions.

Sure, why not? You think the flash chip will be erased by a little sledgehammer force? But seriously, it does take forever to turn an iPhone/iPod Touch off the proper way. It's holding down two buttons for 10 full seconds before it even responds to the request. Airplane mode would be quicker on an iPhone.

Seems to be that the gating factor with a laptop is that it has to be online in order to get a poison pill. A smart phone, well that's easy to send a poison pill because it's still online even after the point you lose control of the device. A laptop, however, can be left turned off and the disk duplicated before anyone actually turns the power on the drive.

Disk encryption helps to the extent that it prevents unauthorized people from accessing the drive but that's not the same as a remote wipe, since you

My understanding is that this very feature is either available or available-real-soon-now in certain corporate models with integrated cellular broadband cards (since, effectively, if the PC has a cell card with BIOS integration, doing just about anything a smartphone could do under the circumstances is just a matter of implementation).

Remote wipe is super easy on a laptop. Use full-disk encryption and don't leave your laptop powered on. If they can't guess your passphrase, it's equivalent to what happens when an iPhone is remote-wiped -- with the exception that you could be convinced to give them your passphrase eventually.

So the Slashdot groupthink's anti-law enforcement stance has extended to the Secret Service now? Which part are we in favor of: counterfeiting money or assassinating the president? Personally I'll go ahead and take a bold anti-counterfeiting/anti-assassination position and say that this is a bad thing.

Personally, I'll bet it is the counterfeiting that irritates them most. The gov't hates competition.

From the article:

The problem is that accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory, he said.

Fortunately, the person in the article isn't wanting anything done about it other than agents remembering to do this. Nothing to this article, other than the guy saying "sometimes we forget to do this and it is a pain. Don't forget."

It's a bit much to read that as a blanket anti-law enforcement comment, it simply means that Taco feels that the law enforcement needs of the Secret Service are subordinate to his right to secure his possessions.

Anti-counterfeiting and anti-assassination are good, yeah. Killing Remote Wipe helps more than just the Secret Service, though. Just because we trust the Secret Service does not mean that other three-letter agencies are trustworthy.

The level of paranoia is just too high over all. Honestly part of the problem IMHO is that law enforcement is getting a bad rep because of dumb laws like DMCA and such. I have a friend that works in the FBI. Yes he is very happy to bust someone with a warehouse full of counterfeit goods. But I asked him about things like bit torrent and pirating MP3s... His comment was: "What a freaking waste of my time." They rarely have to get involved in that and just leave it up to the lawyers. Of course when the police must e

I think most Slashdotters will agree that the Service is well within their rights to perform forensic analysis on any device that they obtain during a lawful search, whether conducted under a warrant, incidental to an arrest, or based on probable cause. I do not believe that the Service suffers a poor track record regarding extralegal searches as does INS and some other agencies.

On the other hand, the availability of an effective "remote wipe" of a personal device is a rightful means of exercising freedom.

If a device serves the interest of a particular user, then that device is less useful to people whose interests conflict with that user.

Not much of a story or revelation when you phrase it that way, huh?

Let's not forget that law enforcement is just one entry on a long, long list of entities whose interests may conflict with the owner of a phone, and most of those people happen to also be law enforcement's opponents. So it's not like you can "fix" the "problem" of devices serving their users, without taking

As I understand it, doing any of the following should be able to prevent a remote wipe from happening:

* put it into "airplane mode"
* remove the SIM (assuming GSM with no wifi)
* remove the battery

If you need the SIM or battery to get the data off the device, you can then take it to a faraday cage and put the SIM or battery back in once you're sure no signal can get to the phone. Yes?

Anything that protected against these "attacks" would also make it so the phone's user couldn't access their data when the signal strength was sufficiently poor. Which some folks might choose as their configuration, but then they're open to a new kind of denial-of-service attack.

Remote wipe is useful when you want to prevent a random schlub (eg. pickpocket, guy at bar) from getting data off a randomly-acquired phone (eg. "iPhone HD"). I do not think it's useful for preventing a professional with intent from getting data off a phone they're targeting specifically because of its data. Am I wrong?

Nothing I wrote had anything to do with how long a wipe took, it was based on what triggers the wipe, and how to prevent the phone from ever realizing that condition had been met. I think it's possible that you're confused.

For the iPhone for example, a remote wipe for a typical "MobileMe" user requires that user to go to a web site and press the "remote wipe" button. A phone that's in airplane mode will never receive the resulting signal, and won't be wiped.

Walk around the exhibits at any forensic conference and you will see a variety of devices for making sure this does not happen. You can use any of them - they all work. Anything from the Paraben "tent" to the HTCI "glove box". The idea is that you put the phone into a shielded container where you can operate on it to collect evidence.

When the phone is collected you have the choice: either remove the battery or put the phone into a shielded bag. No special shielded bags handy? Then you have to remove power and hope the phone doesn't lock itself. Don't want to deal with a locked phone? Get some shielded bags then.

This isn't a real problem with phones, it is a real problem with having the right knowledge and procedures. It shouldn't even be a matter of training anymore.

My Blackberry locks itself after 15 minutes of non-use. The key to decrypt the data on the phone is itself encrypted by the password (8 characters minimum) that I use to unlock the phone. Screw that password up ten times and the phone wipes. It also locks itself on power-up.

About the only real option would be to either have someone press a button on the phone every 10 minutes (assuming it's not already locked when taken), which would be a real trick when the thing is in a Faraday cage or bag.

The very same things that make the Blackberry and newer iPhones attractive to businesses (and Government agencies, for that matter) are what make it undesirable from a forensics point of view. These things are designed so they can be configured to be extremely paranoid, and are very tough to crack.

And therein lies the problem. If you allow your citizens their own security, you can't see everything they do, and that makes it harder to catch the wrongdoers. If you want absolute information to catch wrongdoers, perhaps a democratic republic with constitutional protection of its citizens is not for you.